Liquid UI - Documentation - 4.09 Diagnose/Check RFC User authorization error<br />

4.09 Diagnose/Check RFC User authorization error


Purpose

You can check RFC user's authorization result in SU53 transaction to diagnose the issue and send the information to the security team in order to grant proper authorization.

You will receive the RFC user authorization error when the remote function call is returning authority exception or data is not matching with the result from SE37. This error is shown if the RFC user doesnot have proper authority to execute specific function module.


User Interface

In this scenario, you will be learning how to check the RFC user authorization error in your SAP.

  1. Execute the function module call via script and then if an RFC exception is occurred then SAP will capture the authorization issue detail
  2. You can use the Liquid UI Script in SAP Easy Access screen that uses function module call and if you use wrong RFC user details then you will receive an authorization error
     
  3. To view the authorization error, navigate to SU53 transaction
     
  4. Switch to different user or authorization object. You can view a popup window to select User in the "User" field, Authorization Object, and then click "Execute".
     
  5. If you find any failed authorization record, you can take a screen shot of this screen and send it to your security team for further diagnose.
     


Liquid UI Script

//USER_CATALOG.sjs

/**
User Group Corresponding to Directory1

var GROUP_CATALOG_ARRAY = [
        {
            "groupname":"G1",
            "d1":"c:\\guixt\\G1\\d1",
            "tcode":"/nsmen"
        },
        {
            "groupname":"G2",
            "d1":"SAPWR:Z.GUIXT",
            "tcode":"/nva01"
        },
        {
            "groupname":"G3",
            "d1":"\\\\guixt.com\\usr\\SYNACTIVE\\Accounts\\Sempra\\M&I Group\\Consulting\\Scripts\\LC-FOS-DOC_scripts",
            "tcode":"/nva01"
        }
];     
**/

var GROUP_CATALOG_ARRAY = [
    {
        "groupname":"G1",
        "d1":"c:\\guixt\\G1\\d1",
        "tcode":"/nsmen"
    },
    {
        "groupname":"G2",
        "d1":"\\\\guixt.com\\usr\\SYNACTIVE\\Accounts\\Sempra\\M&I Group\\Consulting\\Scripts\\LC-FOS-DOC_scripts",
        "tcode":"/nva01"
    }
]; 
    

/**

User assignment to *one* group

var USER_CATALOG_ARRAY = [
        {
            "user":"800/umang", 
            "group":"G1"
        },
        {
            "user":"800/zac", 
            "group":"G1"
        },
        {
            "user":"800/rumi", 
            "group":"G2"
        }
    ]; 
**/


var USER_CATALOG_ARRAY = [
    {
        "user":"800/umang", 
        "group":"G1"
    },
    {
        "user":"800/zlee", 
        "group":"G3"
    },
]; 
    

/**

SAP Role assignment to *one* group

var ROLE_CATALOG_ARRAY = [
        {
            "role":["Z_GUIXTNEW"], 
            "group":"G1"
        },
        {
            "role":["ZGUIXTROLE2"], 
            "group":"G1"
        }
    ]; 
**/


var ROLE_CATALOG_ARRAY = [
    {
        "role":["Z_GUIXTNEW","Z_GUIXTRFC4"], 
        "group":"G1"
    }
];    
    
    
    
    
/**
Load User Catalog Call Function
**/    
    
//Function to load the user catalog
function load_user_catalog(group_array,user_array,role_array) {
    var current_client_user = _client + '/' + _user.toLowerCase().replace(/^\s+|\s+$/g,"");
    
    if(user_array && user_array.length > 0) {
        for(i = 0; i<user_array.length; i++) {
            if(user_array[i].user == current_client_user) {
                for(j = 0; j<group_array.length; j++) {
                    if(user_array[i].group == group_array[j].groupname) {
                        if(group_array[j].d1) {
                            enter(group_array[j].tcode +"/d1=" + group_array[j].d1);
                            break;
                        }
                    }
                }
                break;
            }
        }
    }
    
    if(role_array && role_array.length > 0) {
        var Z_ROLES = [];
        call('BAPI_USER_GET_DETAIL', {"in.USERNAME":"&V[_user]","table.ACTIVITYGROUPS":"Z_ROLES"});
        for(i = 0; i<role_array.length; i++) {
            var role_match_count = 0;
            for(m = 0; m <role_array[i].role.length; m++) {
                for (j = 0; j < Z_ROLES.length; j++) {
                    var z_userrole = Z_ROLES[j].toString().substring(0,30);
                    if(role_array[i].role[m].toLowerCase().replace(/^\s+|\s+$/g,"") == z_userrole.toLowerCase().replace(/^\s+|\s+$/g,"")) {
                        role_match_count++;
                    }
                }
            }
            if(role_match_count == role_array[i].role.length) {
                for(k = 0; k<group_array.length; k++) {
                    if(role_array[i].group == group_array[k].groupname) {
                        if(group_array[k].d1) {
                            enter(group_array[k].tcode +"/d1=" + group_array[k].d1);
                            break;
                        }
                    }
                }
                break;
            }
        }
    }
}

//Call function once
if(!load_user_catalog_flag) {
    load_user_catalog_flag = 'X';
    load_user_catalog(GROUP_CATALOG_ARRAY,USER_CATALOG_ARRAY,ROLE_CATALOG_ARRAY);
}


//SAPLSMTR_NAVIGATION.E0100.sjs

/**************************************************************************************
    Screen        :     SAPLSMTR_NAVIGATION.E0100
    Description    :    Launchpad
    Version        :    1.0
    Author        :     Zac
**************************************************************************************/
load('user_catalog.sjs');


 

Can't find the answers you're looking for?




Leave Feedback

Have a Question?

Ask the Community